admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 18:51:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2007/CVE-2007-25xx/CVE-2007-2519.json

455 lines
17 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2007-2519",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-05-22T19:30:00.000",
Auto-Update: 2024-11-22T07:12:16.597899+00:00
2024-11-22 07:15:30 +00:00
"lastModified": "2024-11-21T00:30:58.697",
bootstrap
2023-04-24 12:24:31 +02:00
"vulnStatus": "Modified",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervenci\u00f3n del usuario sobrescribir archivos de su elecci\u00f3n mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instaci\u00f3n (install) en package.xml 2.0. NOTA: podr\u00eda argumentarse que esto no cruza los l\u00edmites de privilegios en instalaciones t\u00edpicas, puesto que el c\u00f3digo que est\u00e1 siendo instalado podr\u00eda realizar las mismas acciones."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
Auto-Update: 2024-11-22T07:12:16.597899+00:00
2024-11-22 07:15:30 +00:00
"baseScore": 6.8,
bootstrap
2023-04-24 12:24:31 +02:00
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
Auto-Update: 2024-11-22T07:12:16.597899+00:00
2024-11-22 07:15:30 +00:00
"availabilityImpact": "PARTIAL"
bootstrap
2023-04-24 12:24:31 +02:00
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": true,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD16518B-EA90-4989-B59A-9E7C9DF3B877"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0419A76C-2783-41E6-8B9D-984099F42454"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49ED21D8-425B-4A96-A323-EA19D902571A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60B41712-9EB6-45F9-B5A3-F01113BE8006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C050D0-D118-4538-B334-BA23ADC21569"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2b1:*:*:*:*:*:*:*",
"matchCriteriaId": "5ECCACD0-E734-491A-965F-0DF48B4BA253"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2b2:*:*:*:*:*:*:*",
"matchCriteriaId": "2EB4E3E0-6414-46F9-BBEB-DE93FBFA550D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2b3:*:*:*:*:*:*:*",
"matchCriteriaId": "28735572-3799-47ED-B8D7-2D7A6562CC8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2b4:*:*:*:*:*:*:*",
"matchCriteriaId": "666E73A5-B149-468B-A2C7-DF1705477297"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.2b5:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFA477B-5396-4625-828D-FCBBCA8493FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C6C105BB-1F21-44B6-AE8C-7C33E75CF648"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "375954D3-275B-4120-B833-2A83091013C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC5456B-C8D4-41EF-9944-1ACE6D04FB16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64AE9C03-E7E5-4155-815A-70C160E97F56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A56EB4-5F2A-4FF9-890A-CA316DE637A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB4E0C4-D8F6-4C6D-9574-09DBE3C2D68D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "497E6138-C746-44D9-BE46-5713A3AAFD41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C38F7A3-640C-4383-8707-7D8155CBABAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3b2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B260EFD-C61A-4DFE-B666-8BE84239A692"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3b3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6161A6-E29C-49AF-A4F5-87934C4EEE84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3b5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1724F9-8A5B-4126-BABC-22E8603C571A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.3b6:*:*:*:*:*:*:*",
"matchCriteriaId": "6F7D4EDD-5417-42CE-8E30-59499A34BFCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD19B334-3D0C-4008-A5B5-53FE375B4979"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "C9BDB709-3887-454D-B874-AFD5FD620731"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a2:*:*:*:*:*:*:*",
"matchCriteriaId": "B228EA68-3CEE-4880-B060-B333F68794F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a3:*:*:*:*:*:*:*",
"matchCriteriaId": "33C10AF9-19B7-4C9F-A489-8C8505D87D49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a4:*:*:*:*:*:*:*",
"matchCriteriaId": "87475278-5B8B-4BE2-9167-46734A435B49"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a5:*:*:*:*:*:*:*",
"matchCriteriaId": "207BBE32-3570-4A02-A743-A3A45C2A28DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a6:*:*:*:*:*:*:*",
"matchCriteriaId": "13D06662-08E6-46D8-A05B-9118D795F203"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a7:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6D259D-7AC3-4F4A-A855-64FD8FF7E818"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4B6FDA-0165-4268-95BA-915918099733"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a9:*:*:*:*:*:*:*",
"matchCriteriaId": "B506B9CE-CE74-410D-BEFE-75BDF738872A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a10:*:*:*:*:*:*:*",
"matchCriteriaId": "D96FCB3D-AC46-43D7-A2E7-CB6BFED37167"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a11:*:*:*:*:*:*:*",
"matchCriteriaId": "D65E8898-C249-401A-97D4-B4431EC04B00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0a12:*:*:*:*:*:*:*",
"matchCriteriaId": "1299C8A2-FB8D-446E-83AC-C78091D14ACF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFDED6F-D871-4F81-9ADE-D1B6E5A82E61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF54A7BC-D8EC-4ABC-9552-25BB4D592A93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "516F5E30-AB29-4AEA-B069-8FEBAF288F46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DBDD00D-0D9C-487B-90A0-D61BAB782C88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "730B3D7E-43AD-4EA6-A3E7-C0424BA61A64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFECD3A-4669-4D0C-BC51-AA2B635CB3B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DF4DAD-7129-493B-B7EA-ADA33F734DB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "13766879-04DA-42A2-B147-31D69430FE19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9ADB86D-0655-4289-8644-4DBF76162CA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5C847B-FD77-4CB3-BD64-0BDA3EC17A5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE65B11-B3F2-4CB1-994B-979EA3885B21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BBCE5B14-6A83-44EA-971E-0CEDBBE6203B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9A0E25-9DCB-4ABB-8039-D9261A95CA5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "84069051-338F-4174-9AEB-C41112B2FFF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.10rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3401D8C6-5C42-4F59-AA40-7C5D83551E08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7E52E2FA-3A8E-40EF-B57E-ADE9AA9810F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36CEB135-9EFD-490E-BEBA-F3FA75098463"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.0a1:*:*:*:*:*:*:*",
"matchCriteriaId": "05F60E95-5D51-4D06-B4D4-777E78F89D9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.0rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB25D31-BD14-4BAB-8D5C-D297F2C61600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.0rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "5AEF216F-0ED7-4999-A3A3-285440374773"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.0rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FF8942-4C67-4674-8DE4-F4948C8FD61D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03F711A9-EFD7-46A2-B826-19183FBB3FFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B3F0C6-386E-44B7-85A8-54CE26874384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php_group:pear:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCDED4C0-5733-4322-844D-A2085AFD6CA6"
}
]
}
]
}
],
"references": [
Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00
{
"url": "http://osvdb.org/42108",
"source": "cve@mitre.org"
},
bootstrap
2023-04-24 12:24:31 +02:00
{
"url": "http://pear.php.net/advisory-20070507.txt",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://pear.php.net/news/vulnerability2.php",
"source": "cve@mitre.org"
},
Auto-Update: 2024-04-04T08:42:25.815847+00:00
2024-04-04 08:46:00 +00:00
{
"url": "http://secunia.com/advisories/25372",
"source": "cve@mitre.org"
},
bootstrap
2023-04-24 12:24:31 +02:00
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:110",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/24111",
"source": "cve@mitre.org"
},
{
"url": "http://www.ubuntu.com/usn/usn-462-1",
"source": "cve@mitre.org"
},
{
"url": "http://www.vupen.com/english/advisories/2007/1926",
"source": "cve@mitre.org"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34482",
"source": "cve@mitre.org"
Auto-Update: 2024-11-22T07:12:16.597899+00:00
2024-11-22 07:15:30 +00:00
},
{
"url": "http://osvdb.org/42108",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://pear.php.net/advisory-20070507.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://pear.php.net/news/vulnerability2.php",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://secunia.com/advisories/25372",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:110",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/24111",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.ubuntu.com/usn/usn-462-1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.vupen.com/english/advisories/2007/1926",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34482",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
],
"vendorComments": [
{
"organization": "Red Hat",
"comment": "Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.",
"lastModified": "2007-05-24T00:00:00"
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink